![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 7.000000000000001%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
7,023 questions
Hi,
I think you need to review this and the best practice is not to delegate (assign) permissions directly to specific user accounts. Create a new security group in AD instead, add a user to it, and delegate permissions on an OU or Domain for that group. If you want to grant the same permissions to another user, you can simply add him to this security group.
However in this case you can try this command:
dsacls "CN=Deleted Objects,DC=Picaso,DC=com" /g Picaso\Bloggs:LCRP
In this example, the user "Picaso\bloggs" has been granted List Contents and Read Property permissions on the deleted objects container in the "Picaso" domain.
ACLDiag.exe "CN=Deleted Objects,DC=Picaso,DC=com" /chkdeleg (for checking the permission)
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
